‘Slingshot’ Cyber Espionage Campaign Hacks Network Routers

A new cybersecurity problem has been discovered this week; native English speaking nation-state advanced hacking group is conducting these days a big cyber espionage campaign targeting Africa and the Middle East. Hackers from this group are infecting network routers to steal credentials from their victims and then move freely throughout the network.

This stealthy and highly sophisticated campaign is named Slingshot. This campaign has victims in Kenya, Yemen, Libya, Afghanistan, Iraq, Tanzania, Greece, Jordan, Somalia, Tunisia, Turkey, Mauritius, and the United Arab Emirates.
The final purpose of this campaign, for hackers, was to obtaining kernel-mode access to victim devices then gather screenshots, network information, keyboard data, passwords, USB connections, and other data and logs.

For now, the exact initially method used to compromises the targeted network routers is unclear, but we suspect that was possible by exploiting a cybersecurity weakness like gaining control by hijacking a poorly protected device from that network. This is why a cybersecurity solution is always needed on every device, so depending on which OS your device is running it is mandatory to install an antivirus for Windows or antivirus for Mac.

Slingshot campaign targeted MikroTik routers by using a malicious dynamic link library (DLL) on the devices that were, in fact, a downloader for the other malware. After this when router admins access the infected router, their devices would get silently compromised via the infected router.
This new cybersecurity problem: router hacking is a rare method of attack used by the hackers, but it’s an efficient one because the malware can sit on these perimeter devices unnoticed because few strong cybersecurity solution tools can detect it.

Router cybersecurity represents a “blind spot” for companies all over the world. A robust cybersecurity solution can be implemented by a specialized cybersecurity company only after its cybersecurity experts run some advance cybersecurity tests to your company networks, like penetration tests, and ethical hacking tests. This kind of checks must be made at least one year because cyber security threats evolve and you must find and fix any cybersecurity flaws as soon as they are discovered.

After compromising the entire network the hackers also install code that allows them to store their stolen data such as keylogger files, system information, and other data encrypted on the victim’s hard drive for easy access.
A passive network-driven backdoor was used to encrypt and hide all network traffic.
We aren’t sure who is behind this campaign, but we have discovered some intriguing clues: Slingshot campaign is carried by a native English-speaking group that employs techniques used by the Russian-speaking group Turla, Equation Group’s – an NSA hacking team, and tools from White Lambert – a CIA hacking team.

As you see the rate of such attacks is increasing exponentially day by day and this is why is imperative to protect all of your devices whit a robust cybersecurity solution, depending on which OS your device is running it is mandatory to install an antivirus for Windows or antivirus for Mac.
If you are a company the install of antivirus is only the first layer of security, you must contract a cybersecurity company that will carry some advance cybersecurity tests to your company networks, like penetration tests, and ethical hacking tests. This kind of checks must be made at least one per year because cyber security threats evolve and you must find and fix any cybersecurity flaws as soon as they are discovered.

If your business is a 100% online business consider using only cyber-secured web hosting services.